malwarewikiaorg-20200223-history
FindZip
'''FindZip''' (also known as '''Patcher''' or '''FileCoder''') is a ransomware that runs on MacOS. It is aimed at English-speaking users.

== Payload Transmission ==
FindZip is distributed through pirate sites offering cracked programs, fraudulent downloads, and repackaged, infected installers. It pretends to be Adobe Premiere Pro CC 2017 Patcher or Microsoft Office 2016 Patcher for Mac OS, and also uses signed certificates.

== Infection ==
When opened, FindZip displays a rather goofy-looking, mostly transparent window. At this point nothing happens unless the user clicks the "start" button, and the user can still quit the app without any consequences. If the user does click "start", FindZip begins encrypting the files in the user's home folder while showing a message that it is patching the app (Adobe Premiere Pro or Microsoft Office) and that the process may take up to 10 minutes.

It makes a mess on the desktop with numerous README, DECRYPT, and HOW_TO_DECRYPT files. They all contain the same instructions:

NOT YOUR LANGUAGE? USE https://translate.google.com
What happened to your files ?
All of your files were protected by a strong encryption method.
What do I do ?
So , there are two ways you can choose: wait for a miracle or start obtaining BITCOIN NOW! , and restore YOUR DATA the easy way
If You have really valuable DATA, you better NOT WASTE YOUR TIME, because there is NO other way to get your files, except make a PAYMENT
FOLLOW THESE STEPS:
1) learn how to buy bitcoin https://en.bitcoin.it/wiki/Buying_Bitcoins_(the_newbie_version)
2) send 0.25 BTC to 1EZrvz1kL7SqfemkH3P1VMtomYZbfhznkb
3) send your btc address and your ip (you can get your ip here https://www.whatismyip.com) via mail to rihofoj@mailinator.com
4) leave your computer on and connected to the internet for the next 24 hours after payment, your files will be unlocked.
(If you can not wait 24 hours make a payment of 0.45 BTC your files will be unlocked in max 10 minutes)
KEEP IN MIND THAT YOUR DECRYPTION KEY WILL NOT BE STORED ON MY SERVER FOR MORE THAN 1 WEEK SINCE YOUR FILE GET CRYPTED,THEN THERE WON'T BE ANY METHOD TO RECOVER YOUR FILES, DON'T WASTE YOUR TIME!

The encrypted files, whose names end in .crypt, are created with the zip command in the shell as password-protected .zip archives. All of them are given the same passcode, a randomly generated 25-character string. Interestingly, .crypt files are also created for folders, but they do not appear to contain the folders' contents; instead, more .crypt files appear inside the original folders. Only actual files are encrypted and subsequently deleted. FindZip encrypts itself as well: once it has run from somewhere in the user folder (such as the Downloads folder or the desktop), it will never run again. The key used to encrypt the files is never uploaded to any command & control server, so the attacker would have no way to help the user decrypt their files even if the ransom were paid.
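The artifacts described above (password-protected zip archives renamed to .crypt, plus the README, DECRYPT and HOW_TO_DECRYPT notes) are enough for a read-only triage check; the following Python script is an added example, not code from this wiki page or from the malware. It walks a directory, flags .crypt files whose ZIP local file header has the encryption bit set (what the zip command's password option writes), and lists the ransom notes; the sample tree it scans is constructed inside the script, and the note-name prefixes and the .crypt extension are taken from the description above.

```python
import os
import struct
import tempfile
import zipfile

RANSOM_NOTE_PREFIXES = ("README", "DECRYPT", "HOW_TO_DECRYPT")  # names from the page
ZIP_LOCAL_HEADER = b"PK\x03\x04"

def is_encrypted_zip(path):
    """True if the file starts with a ZIP local file header whose general-purpose
    bit flag has bit 0 set (password-protected entry). Reads 8 bytes, changes nothing."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    if len(head) < 8 or not head.startswith(ZIP_LOCAL_HEADER):
        return False
    _version_needed, flags = struct.unpack("<HH", head[4:8])
    return bool(flags & 0x0001)

def scan_for_findzip(root):
    """Walk `root` and bucket artifacts: .crypt files that are encrypted zips, .crypt
    files that are not (not a zip, or not password-protected), and ransom notes."""
    report = {"encrypted_zips": [], "other_crypt": [], "ransom_notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.endswith(".crypt"):
                bucket = "encrypted_zips" if is_encrypted_zip(path) else "other_crypt"
                report[bucket].append(path)
            elif name.upper().startswith(RANSOM_NOTE_PREFIXES):
                report["ransom_notes"].append(path)
    return report

def demo():
    """Build a constructed sample tree (no real malware involved) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed: a local file header with the encryption flag set (20 = zip version 2.0).
        with open(os.path.join(tmp, "thesis.docx.crypt"), "wb") as fh:
            fh.write(ZIP_LOCAL_HEADER + struct.pack("<HH", 20, 1) + b"\x00" * 22)
        # Constructed: an ordinary unencrypted zip that merely carries the .crypt extension.
        with zipfile.ZipFile(os.path.join(tmp, "plain.crypt"), "w") as zf:
            zf.writestr("x.txt", "not encrypted")
        for note in ("README.txt", "DECRYPT.txt", "HOW_TO_DECRYPT.txt"):
            with open(os.path.join(tmp, note), "w") as fh:
                fh.write("What happened to your files ?\n")
        report = scan_for_findzip(tmp)
        return {k: sorted(os.path.basename(p) for p in v) for k, v in report.items()}
```

Calling demo() returns the bucketed basenames for the constructed tree; pointing scan_for_findzip() at a real home folder does the same without touching any file.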